Privacy Policy
Effective date: August 2025
Ollex Enterprises (“Ollex,” “we,” “us,” or “our”) acts as an administrative provider and Merchant of Record for digital services fulfilled by independent third-party vendors. This Privacy Policy describes the information we collect, how we use and disclose it, and the choices available to you.
This Policy covers:
Visitors to our websites and hosted checkout/payment pages.
Individuals who pay Ollex for services fulfilled by independent vendors.
Vendors and partners who work with Ollex.
If you do not agree with this Policy, please do not use our sites or provide personal information.
Information We Collect
A. Website Visitors
Identifiers & contact (if you submit them): name, email, phone.
Technical data: IP address, device/OS/browser details, pages viewed, timestamps, and approximate location inferred from IP.
Cookies: currently limited to those necessary for site operation and checkout (see Cookies below).
B. Customers (Payers)
Transaction details: name, email, amount, currency, invoice/payment-link data, order/brand descriptors (e.g., statement descriptors showing Olex and/or brand), and refund/chargeback outcomes.
Payment data: card type and last four digits or other tokenized identifiers and authorization results.
We do not store full primary account numbers or CVV. Card details go directly to our PCI DSS-validated payment processors; we receive tokens/limited metadata to complete the transaction. (PCI Security Standards Council)
C. Vendors/Partners
Business & contact: names, emails, phone, company/brand information, roles.
Payout & compliance: payout instructions required by our payment platforms, tax/verification data where required, and service-delivery metadata (e.g., proof-of-sale/proof-of-delivery references).
D. Communications
Support & disputes: messages, attachments, timestamps, and internal notes used for fraud/chargeback handling and compliance.
How We Collect Information
Directly from you (forms, email, support interactions).
Automatically via essential cookies and server logs (security and performance).
From payment processors during checkout and chargeback workflows.
From vendors/partners when they provide order status or delivery confirmations.
How We Use Information (Purposes & Legal Bases)
Provide and operate our services.
Generate invoices/payment links, process payments, manage orders, coordinate vendor confirmations and payouts.
Legal bases: contract performance; legitimate interests; legal obligations (e.g., tax/accounting).Fraud prevention and platform security.
Risk checks, anomaly detection, and manual reviews.
Legal bases: legitimate interests; legal obligations.Customer support and disputes.
Respond to requests, process refunds, and manage chargebacks with payment platforms and card networks.
Legal bases: contract performance; legitimate interests.Compliance and recordkeeping.
Tax/accounting, regulatory inquiries, and audit defense.
Legal bases: legal obligations.Service maintenance and improvement (non-profiling).
Diagnose availability/performance issues; maintain and improve reliability.
Legal bases: legitimate interests.Marketing.
We do not send marketing emails or SMS at this time.
Cookies & Similar Technologies
Current use: only strictly necessary cookies (session, security, checkout).
If this changes: we will update this Policy and, where required, request consent for optional cookies (e.g., analytics/advertising).
Global signals: where legally required (e.g., California, Colorado), we honor recognized universal opt-out mechanisms such as Global Privacy Control (GPC) that communicate a user’s choice to opt out of “sale”/“sharing” or targeted advertising. (California DOJ; Future of Privacy Forum)
Sharing & Disclosure (Categories)
We disclose personal information only as needed to operate our services, comply with law, or protect rights:
Payment platforms and financial entities (e.g., card processors, digital wallets, acquiring/issuing banks, card networks) to process payments, refunds, chargebacks, and vendor payouts.
Service providers supporting our operations (secure hosting/infrastructure, transactional email, customer support tools, document storage) under written agreements and only per our instructions.
Independent vendors that fulfill services you purchase—limited to what they need to deliver/confirm the service and handle support.
Compliance and safety: auditors, accountants, legal counsel, regulators, and law enforcement where required by law.
Business transfers: in a merger, acquisition, or asset sale, data may transfer consistent with this Policy.
We do not sell personal information or “share” it for cross-context behavioral advertising as defined under California law. If that changes, we will update this Policy and honor required opt-outs (including recognized global signals). (California DOJ)
International Data Transfers
Your information may be processed and stored outside your country. Where required (e.g., EU/EEA/UK transfers), we implement appropriate safeguards such as the European Commission Standard Contractual Clauses (SCCs) and, for the UK, the International Data Transfer Agreement/Addendum (IDTA). (European Commission; UK ICO)
Data Retention
Financial/transaction records: retained for 10 years for tax, accounting, fraud, and chargeback defense.
Customer support/dispute records: kept for the transaction lifecycle and applicable legal periods.
Operational logs (security/performance): retained for the shortest practical time consistent with operations and security.
When retention ends, we delete or de-identify data unless the law requires longer storage.
Security
We use administrative, technical, and organizational measures to help protect information, including TLS encryption in transit, least-privilege access, and vendor due-diligence/contractual controls. Payment card data is handled by PCI DSS-validated processors; Olex does not store full card numbers or CVV. (PCI Security Standards Council)
Your Privacy Rights
A. EU/UK (GDPR/UK GDPR)
Subject to conditions and exceptions, you may have rights to access, rectify, erase, restrict, object, data portability, and to withdraw consent (where processing relies on consent). We respond within statutory timelines. (EDPB; GDPR)
B. United States (state privacy laws)
Depending on your state, you may have rights to know/access, correct, delete, and opt out of sale/sharing/targeted advertising, plus the right to appeal a denied request. We verify identity and respond within required timelines.
California/Colorado: we recognize legally approved universal opt-out mechanisms such as GPC. (California DOJ; Future of Privacy Forum)
Texas (TDPSA): Texans have consumer privacy rights effective July 1, 2024; we comply with applicable duties under the Act. (Texas Attorney General; Texas DIR)
How to exercise your rights: See Contact Us below. Authorized agents may submit requests where permitted by law; we may require proof of authority and identity.
Children’s Privacy
Our services are not directed to children under 13 (or the age defined by local law). We do not knowingly collect personal information from children; if you believe a child has provided information, contact us and we will delete it.
Automated Decision-Making
We do not make decisions with legal or similarly significant effects solely by automated means. Automated fraud/risk signals may be used, but adverse actions include human review.
Third-Party Links
If our pages link to other websites, those sites’ privacy practices are governed by their own policies.
Changes to This Policy
We may update this Policy to reflect legal or operational changes. We will post the updated version with a new Effective date and, where required, provide additional notice.
Contact Us (and Data Controller)
Data Controller: Ollex Enterprises LLC
Email: ollexenterprisesllc@gmail.com